--- a/schema.py Thu Feb 11 12:19:08 2010 +0100
+++ b/schema.py Mon Feb 15 18:44:47 2010 +0100
@@ -283,22 +283,10 @@
isinstance(group_or_rqlexpr, RQLExpression):
msg = "can't use rql expression for read permission of %s"
raise BadSchemaDefinition(msg % self)
- elif self.final and isinstance(group_or_rqlexpr, RRQLExpression):
- if schema.reading_from_database:
- # we didn't have final relation earlier, so turn
- # RRQLExpression into ERQLExpression now
- rqlexpr = group_or_rqlexpr
- newrqlexprs = [x for x in self.get_rqlexprs(action)
- if not x is rqlexpr]
- newrqlexprs.append(ERQLExpression(rqlexpr.expression,
- rqlexpr.mainvars,
- rqlexpr.eid))
- self.set_rqlexprs(action, newrqlexprs)
- else:
- msg = "can't use RRQLExpression on %s, use an ERQLExpression"
- raise BadSchemaDefinition(msg % self)
- elif not self.final and \
- isinstance(group_or_rqlexpr, ERQLExpression):
+ if self.final and isinstance(group_or_rqlexpr, RRQLExpression):
+ msg = "can't use RRQLExpression on %s, use an ERQLExpression"
+ raise BadSchemaDefinition(msg % self)
+ if not self.final and isinstance(group_or_rqlexpr, ERQLExpression):
msg = "can't use ERQLExpression on %s, use a RRQLExpression"
raise BadSchemaDefinition(msg % self)
RelationDefinitionSchema.check_permission_definitions = check_permission_definitions
@@ -314,13 +302,14 @@
if eid is None and edef is not None:
eid = getattr(edef, 'eid', None)
self.eid = eid
- # take care: no _groups attribute when deep-copying
- if getattr(self, 'permissions', None):
- for groups in self.permissions.itervalues():
- for group_or_rqlexpr in groups:
- if isinstance(group_or_rqlexpr, RRQLExpression):
- msg = "can't use RRQLExpression on an entity type, use an ERQLExpression (%s)"
- raise BadSchemaDefinition(msg % self.type)
+
+ def check_permission_definitions(self):
+ super(CubicWebEntitySchema, self).check_permission_definitions()
+ for groups in self.permissions.itervalues():
+ for group_or_rqlexpr in groups:
+ if isinstance(group_or_rqlexpr, RRQLExpression):
+ msg = "can't use RRQLExpression on %s, use an ERQLExpression"
+ raise BadSchemaDefinition(msg % self.type)
def attribute_definitions(self):
"""return an iterator on attribute definitions
@@ -426,14 +415,24 @@
def has_perm(self, session, action, **kwargs):
"""return true if the action is granted globaly or localy"""
- if 'fromeid' in kwargs:
- subjtype = session.describe(kwargs['fromeid'])[0]
+ if self.final:
+ assert not ('fromeid' in kwargs or 'toeid' in kwargs), kwargs
+ assert action in ('read', 'update')
+ if 'eid' in kwargs:
+ subjtype = session.describe(kwargs['eid'])[0]
+ else:
+ subjtype = objtype = None
else:
- subjtype = None
- if 'toeid' in kwargs:
- objtype = session.describe(kwargs['toeid'])[0]
- else:
- objtype = None
+ assert not 'eid' in kwargs, kwargs
+ assert action in ('read', 'add', 'delete')
+ if 'fromeid' in kwargs:
+ subjtype = session.describe(kwargs['fromeid'])[0]
+ else:
+ subjtype = None
+ if 'toeid' in kwargs:
+ objtype = session.describe(kwargs['toeid'])[0]
+ else:
+ objtype = None
if objtype and subjtype:
return self.rdef(subjtype, objtype).has_perm(session, action, **kwargs)
elif subjtype:
@@ -919,6 +918,11 @@
kwargs['o'] = toeid
return self._check(session, **kwargs)
+# in yams, default 'update' perm for attributes granted to managers and owners.
+# Within cw, we want to default to users who may edit the entity holding the
+# attribute.
+ybo.DEFAULT_ATTRPERMS['update'] = (
+ 'managers', ERQLExpression('U has_update_permission X'))
# workflow extensions #########################################################